Phy-level wireless security

ABSTRACT

A method for communication includes generating a data transmission for transmission to a target receiver, and generating at least one jamming transmission having an amplitude that changes multiple times during the data transmission. The data transmission is transmitted to the target receiver using an antenna array, and the at least one jamming transmission is simultaneously transmitted using the antenna array.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of U.S. patent application Ser. No. 13/400,148, filed Feb. 20, 2012, which claims the benefit of U.S. Provisional Patent Application 61/445,276, filed Feb. 22, 2011, and U.S. Provisional Patent Application 61/487,355, filed May 18, 2011. The disclosures of these related applications are incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates generally to communication systems, and particularly to methods and systems for securing wireless communication.

BACKGROUND OF THE INVENTION

Some wireless communication systems apply physical-layer (PHY) mechanisms for securing transmissions from illegitimate eavesdropping. For example, U.S. Pat. No. 7,672,400, whose disclosure is incorporated herein by reference, describes a method for secure communication in a wireless network using a spatial division multiple access transmission scheme. The method includes allocating transmission power to N channels to be transmitted to one or more destination stations by N antennas, such that the power to be received by each one of the one or more destination stations is not greater by more than a predefined power margin than a minimum power required for reception at a desired quality of service.

As another example, U.S. Pat. No. 7,751,353, whose disclosure is incorporated herein by reference, describes a method for securing a wireless transmission. The method includes transmitting a noise transmission to be received by one or more destinations other than an intended destination of a packet during a time period corresponding to the duration of the packet.

Additional examples of secure transmission schemes are described by Goel and Negi, in “Guaranteeing Secrecy using Artificial Noise,” IEEE Transactions on Wireless Communications, volume 7, no. 6, June, 2008, pages 2180-2189; and by Swindlehurst, in “Fixed SINR Solutions for the MIMO Wiretap Channel,” Proceedings of the International Conference on Acoustics, Speech and Signal Processing, Taipei, Taiwan, April, 2009, pages 2437-2440, which are incorporated herein by reference.

SUMMARY OF THE INVENTION

An embodiment of the present invention that is described herein provides a method for communication, including generating a data transmission for transmission to a target receiver, and generating at least one jamming transmission having an amplitude that changes multiple times during the data transmission. The data transmission is transmitted to the target receiver using an antenna array, and the at least one jamming transmission is simultaneously transmitted using the antenna array.

In an embodiment, generating the jamming transmission includes beamforming the jamming transmission using a beamforming vector that is orthogonal to a reception channel of the target receiver. In another embodiment, generating the jamming transmission includes setting an amplitude variation of the jamming transmission to exceed an expected dynamic range of an eavesdropping receiver. In yet another embodiment, generating the jamming transmission includes setting a rate at which the amplitude of the jamming transmission changes, so as to exceed an expected tracking rate of an eavesdropping receiver.

There is additionally provided, in accordance with an embodiment of the present invention, a communication apparatus including data generation circuitry, jamming generation circuitry and transmission circuitry. The data generation circuitry is configured to generate a data transmission for transmission to a target receiver. The jamming generation circuitry is configured to generate at least one jamming transmission having an amplitude that changes multiple times during the data transmission. The transmission circuitry is configured to transmit the data transmission to the target receiver using an antenna array, and to simultaneously transmit the at least one jamming transmission using the antenna array.

There is further provided, in accordance with an embodiment of the present invention, a method for communication including generating a data transmission including at least first and second parts in respective first and second time intervals, for transmission to a target receiver, and generating one or more jamming transmissions. Different first and second beamforming configurations are applied to the data transmission or to the jamming transmissions during the first and second time intervals, respectively. The data transmission and the one or more jamming transmissions are transmitted using an antenna array.

In an embodiment, the first part includes a training signal and the second part includes a payload signal. In another embodiment, applying the beamforming configurations includes beamforming the first part of the data transmission using the first beamforming configuration, and beamforming the second part of the data transmission using the second beamforming configuration.

In some embodiments, applying the beamforming configurations includes beamforming the first part of the data transmission using both a data beamforming configuration that is to be applied to the data transmission, and a jamming beamforming configuration that is to be applied to the jamming transmissions during the second time interval. In an example embodiment, the jamming beamforming configuration includes multiple beamforming vectors for application to multiple jamming transmissions, and beamforming the first part includes applying a spatial expansion operation to the first part of the data transmission, and applying the jamming beamforming configuration to the spatially-expanded first part of the data transmission.

There is also provided, in accordance with an embodiment of the present invention, a communication apparatus including data generation circuitry, jamming generation circuitry and transmission circuitry. The data generation circuitry is configured to generate a data transmission including at least first and second parts in respective first and second time intervals, for transmission to a target receiver. The jamming generation circuitry is configured to generate one or more jamming transmissions. The transmission circuitry is configured to apply during the first and second time intervals respective different first and second beamforming configurations to the data transmission or to the jamming transmissions, to transmit the data transmission and the at least one jamming transmission using an antenna array.

There is additionally provided, in accordance with an embodiment of the present invention, a method including transmitting signals from a transmitter, and measuring the signals at multiple locations in a coverage area of the transmitter. A criterion is derived from the measured signals. The criterion specifies Modulation and Coding Schemes (MCSs) to be used by the transmitter for transmitting a data stream to a target receiver in conjunction with one or more jamming streams, so that an eavesdropping receiver will be unable to decode the data stream.

In an embodiment, deriving the criterion includes deriving a minimum MCS to be used by the transmitter. In another embodiment, deriving the criterion includes deriving minimum MCSs to be used by the transmitter corresponding to respective locations of the target receiver. In yet another embodiment, transmitting the signals includes transmitting data transmissions using multiple MCSs and transmitting the jamming streams, and measuring the signals includes placing a first receiver that imitates the target receiver at multiple first locations, placing a second receiver that imitates the eavesdropping receiver at multiple second locations, and recording, for each first location and second location, a respective maximum MCS that is decodable by the second receiver.

In a disclosed embodiment, measuring the signals includes measuring channel responses from the transmitter to the multiple locations, and deriving the criterion includes deriving the minimum MCSs from the channel responses by simulation. In another embodiment, measuring the signals includes receiving from at least one target receiver a report that indicates that the target receiver decoded successfully a data transmission, which is intended to another target receiver and has a given MCS, and deriving the criterion includes deducing that the minimum MCS for the location of the other target receiver is higher than the given MCS.

The present invention will be more fully understood from the following detailed description of the embodiments thereof, taken together with the drawings in which:

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram that schematically illustrates a wireless communication system that uses physical-layer security, in accordance with an embodiment of the present invention;

FIG. 2 is a block diagram that schematically illustrates a transmitter of a wireless Access Point (AP), in accordance with an embodiment of the present invention;

FIG. 3 is a block diagram that schematically illustrates a wireless communication system that uses physical-layer security, in accordance with an alternative embodiment of the present invention; and

FIGS. 4-12 are flow charts that schematically illustrate methods for physical-layer security, in accordance with embodiments of the present invention.

DETAILED DESCRIPTION OF EMBODIMENTS Overview

Embodiments of the present invention that are described herein provide improved methods and systems for physical-layer security. The disclosed techniques are used in a communication system in which one or more transmitters transmit data streams to legitimate receivers, e.g., using beamforming, and apply means for protecting the data streams from being decoded by at least one eavesdropping receiver. The embodiments described herein refer to beam-formed data streams that are transmitted to the legitimate receivers, but the disclosed techniques are also applicable in schemes that transmit the data streams to the legitimate receivers without beamforming.

In order to protect against eavesdropping, the transmitters transmit one or more jamming streams, which are beam-formed so as to degrade the reception quality of the data streams at an eavesdropping receiver with little or no degradation at the legitimate receivers. Typically, no assumptions are made as to the location or properties of the eavesdropping receiver. The jamming streams may be transmitted by the same transmitter that transmits the data streams, or by a separate device referred to as a sentinel.

Some disclosed embodiments provide techniques for adaptively selecting the fraction of transmit power allocated to the jamming streams, and/or the Modulation and Coding Scheme (MCS) to be used for transmitting the data stream, so as to maintain optimal security. Other disclosed embodiments use different jamming stream configurations, e.g., modify the number of jamming streams or their beamforming vectors, for different parts of the data stream. Other disclosed techniques compute the beamforming vectors for the jamming streams by performing QR factorization of the aggregate channel matrix between the transmitter antennas and all legitimate receiver antennas.

In some embodiments, the transmitters configure the data streams and jamming streams based on implicit channel feedback. In these schemes, the transmitters assume that the uplink and downlink channels are reciprocal, and estimate the channels from uplink signals transmitted by the legitimate receivers. These schemes provide a high degree of security, relative to schemes in which the receivers send to the transmitters channel feedback that can be intercepted and exploited by the eavesdropping receiver.

In other disclosed embodiments, the transmitters choose between multiple transmission modes that provide different levels of security in preventing decoding of data streams by eavesdropping receivers. Several example transmission modes and selection criteria are described herein. Mode selection may be decided by the transmitters or by the legitimate receivers. In some embodiments, the receivers are configured differently in each transmission mode.

The methods and systems described herein improve the effectiveness of physical-layer security. At the same time, the disclosed techniques reduce the performance degradation and communication overhead that is associated with transmission of jamming streams.

System Description

FIG. 1 is a block diagram that schematically illustrates a wireless communication system 20 that uses physical-layer security, in accordance with an embodiment of the present invention. In the present example, system 20 comprises a Wireless Local Area Network (WLAN) that operates in accordance with IEEE Standard 802.11n, entitled “IEEE Standard for Information Technology—Telecommunications and Information Exchange between Systems—Local and Metropolitan Area Networks—Specific Requirements; Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications; Amendment 5: Enhancements for Higher Throughput,” October, 2009, which is incorporated herein by reference. In alternative embodiments, however, system 20 may operate in accordance with any other suitable communication standard or protocol.

System 20 comprises an Access Point (AP) 24, which communicates with one or more stations (STA) 28. System 20 applies PHY-level security techniques, which are described in detail below, to prevent transmissions of AP 24 from being illegitimately decoded by an eavesdropping receiver 32. Receiver 32 is referred to herein as “eavesdropper” for brevity. The figure shows a single AP, a single STA and a single eavesdropper for the sake of clarity. Real-life systems, however, typically comprise multiple APs 24 and multiple STAs 28, and may be subject to eavesdropping by multiple eavesdroppers 32. STAs 28, to which the data streams are addressed by the AP, are also referred to as legitimate STAs, legitimate receivers or target receivers.

AP 24 comprises multiple antennas 34. Antennas 34 are sometimes referred to as a beamforming array, although the beamforming operation is typically performed on the signals that are provided to the antennas. The AP typically transmits one or more beam-formed data transmissions, referred to as data streams, on directional transmission beams that are directed toward the STAs intended to receive the data streams.

In order to transmit a data stream to a given STA, the AP generates the signal to be transmitted, and transmits the signal simultaneously via multiple antennas 34 while applying a respective (complex) weight to each antenna. The set of weights, referred to as a beamforming vector, is selected so as to produce a directional beam that is directed toward the given STA. In the present example, AP 24 transmits a data stream to STA 28 using a beamforming vector that produces a beam 36.

In many practical scenarios, as in the example of FIG. 1, eavesdropper 32 is positioned at a location that enables it to receive beam 36 with sufficient Signal to Noise Ratio (SNR) so as to decode the data stream successfully. In order to secure the data stream, AP 24 uses the array of antennas 34 to transmit an additional beam-formed stream, referred to as a jamming stream. The jamming stream is transmitted with appropriate power and beamforming vector, which are set so as to (i) degrade the SNR at which eavesdropper 32 receives the data stream, and (ii) cause little or no SNR degradation at STA 28.

In the present context, the terms “jamming stream” and “jamming transmission” are used to describe any transmission that is not intended to convey useful data to any receiver, but rather to degrade the reception quality (e.g., SNR) at potential eavesdropping receivers. The terms SNR and Signal to Interference and Noise Ratio—SINR—are used interchangeably unless noted otherwise. Both terms refer to the power ratio between the data stream in question and the remaining signal and noise components, e.g., other data streams, jamming streams, and noise.

In the present example, the jamming stream is transmitted on a beam 40. As can be seen in the figure, the beamforming vector used for the jamming stream causes a spatial null in a direction 44 from AP 24 to STA 28, meaning that STA 28 will receive the jamming stream at a low power level that will cause little or no degradation to the decoding of the data stream carried on beam 36. Eavesdropper 32, on the other hand, is located at a direction 48 from the AP. Therefore, the eavesdropper will receive the jamming stream (beam 40) at a relatively high power level, which is comparable with that of the data stream (beam 36). As a result, the SNR of the data stream at eavesdropper 32 is poor, and there is high likelihood that the eavesdropper will fail to decode it.

In some embodiments, the jamming stream comprises a random or pseudorandom, noise-like signal. In other embodiments, the jamming stream comprises a sequence of modulated symbols that are selected at random from some symbol constellation, e.g., the same constellation used for modulating the data streams. In other embodiments, the jamming stream comprises a sequence of modulated symbols that are selected from a symbol constellation by Forward Error Correction Code (FEC) encoding and modulation of random bits. Further alternatively, the jamming stream may comprise any other suitable signal type.

FIG. 1 shows only a single data stream and a single jamming stream, for the sake of clarity. In alternative embodiments, AP 24 may transmit any desired number of data streams and any desired number of jamming streams simultaneously. Further alternatively, the jamming streams may be transmitted by a transmitter other than AP 24. An embodiment of this sort is shown in FIG. 3 further below. Additional aspects of secure transmission schemes using jamming streams are addressed in U.S. Pat. Nos. 7,672,400 and 7,751,353, cited above.

FIG. 2 is a block diagram that schematically illustrates a transmitter 50 of AP 24, in accordance with an embodiment of the present invention. Transmitter 50 generates a total of four streams—Two data streams and two jamming streams. In the present example, data for transmission is scrambled by a scrambler 54. An encoder parser 58 parses the scrambled data into blocks, and each block is encoded with a FEC by a FEC encoder 62.

A stream parser 66 parses the encoded data into two data streams. Each data stream is interleaved by a respective interleaver 70, and each interleaved data stream is mapped onto a sequence of modulated symbols by a respective constellation mapper 74. In the present example, a Cyclic Shift Diversity (CSD) module 78 applies CSD to a given data stream, i.e., spreads the signal with different cyclic shifts across multiple streams. A spatial mapping unit 82 maps each data stream onto the multiple antennas while applying the appropriate beamforming vector to the data stream. In the present example transmitter 50 comprises four transmit antennas.

In the embodiment of FIG. 2, transmitter 50 comprises two jamming stream generators 86, which generate two respective jamming streams. Spatial mapping unit 82 applies suitable beamforming vectors to the jamming streams, in a similar manner to the mapping of the data streams. Thus, unit 82 produces four outputs corresponding to four transmit antennas. Each output of unit 82 comprises a stream of samples made-up of weighted components of each of the two data streams and each of the two jamming streams, in accordance with the beamforming vectors set for the streams.

Each output of unit 82 is processed by a respective Inverse Discrete Fourier Transform (IDFT) module 90 that applies IDFT to the sample stream. A respective Guard Interval (GI) and Windowing module 94 inserts a GI into the sample stream and filters the stream with a suitable window function. A respective analog&RF module 98 converts the sample stream into an analog signal, up-converts the analog signal to RF, amplifies the RF signal and transmits the RF signal via the respective transmit antenna.

In the example of FIG. 2, the data streams comprise Orthogonal Frequency Division Multiplex (OFDM) signals that are multiplexed in the frequency domain. Note that, even in an OFDM-based system, addition of the jamming streams may alternatively be performed in the time domain. In such implementation, the coefficients of each beamforming vector of each interfering stream are, in general, Infinite Impulse Response (IIR) filters (i.e., complex rational functions in one variable D) instead of plain complex numbers.

In the embodiment of FIG. 2, transmitter 50 comprises a control unit 96, which configures transmission parameters of the data streams and/or jamming streams, using techniques that are described below. For example, unit 96 may set parameters such as the fractions of transmit power to be allocated to the jamming streams, the Modulation and Coding Schemes (MCSs) to be assigned to the data streams, and/or any other suitable transmission parameter.

In some of the embodiments described below, jamming stream generators 86 are referred to a jamming generation circuitry that generates the jamming streams, elements 54-78 are referred to as data generation circuitry that generates the data streams, and the remaining elements of transmitter 50 are referred to as transmission circuitry that transmits the data streams and the jamming streams.

FIG. 3 is a block diagram that schematically illustrates a wireless communication system 99 that uses physical-layer security, in accordance with an alternative embodiment of the present invention. In system 99, unlike system 20 of FIG. 1 above, the jamming streams are produced by a sentinel transmitter 100—A unit that is separate from AP 24. In the example of FIG. 3, sentinel 100 transmits a jamming stream on a beam 104. The beamforming vector selected by sentinel device 100 causes beam 104 to be directed in a direction 108 of eavesdropper 32, and to have a spatial null in a direction 112 of STA 28. Additional aspects of sentinel 100 are addressed in U.S. Pat. No. 7,751,353, cited above.

In this embodiment, the functionality of control unit 96 may be embodied in sentinel 100, in AP 24 or it may be partitioned between the AP and the sentinel in any suitable way.

Generally, the number of legitimate STAs 28 is denoted K (typically K=1, but not necessarily). Each legitimate STA may comprise a single receive antenna or multiple receive antennas. AP 24 and/or sentinel device 100 produces and transmits one or more data streams and one or more jamming streams so that the legitimate STAs are able to decode the data streams but eavesdropper 32 is unable to decode them, with high likelihood. Although the description that follows refers to jamming streams transmitted by AP 24, for the sake of clarity, at least some of the disclosed techniques are similarly applicable to jamming streams transmitted by sentinel device 100.

Let N denote the number of transmit antennas of AP 24, and let n_(k) denote the number of receive antennas of the k^(th) legitimate STA (kε{1, . . . , K}). The total number of receive antennas of all legitimate STAs is denoted N_(U)≡Σ_(k=1) ^(K)n_(k). In a typical application, although not necessarily, N_(U)<N. The number of jamming streams is denoted N_(D), where typically N_(D)≦N−N_(U).

Typically although not necessarily, AP 24 selects the beamforming vectors applied to the jamming streams to be (at least approximately) orthogonal to the rows of the channel matrix between AP 24 and all receive antennas of all legitimate STAs. (Alternatively, the beamforming vectors applied to the jamming streams are chosen to be approximately orthogonal to the rows of the effective channel matrix, which considers the channels after receive-side beamforming in the legitimate STAs. In the present context, the terms “communication channel” and “channel matrix” refer to either the physical channel or to the effective channel, as appropriate.)

Formally—Let H_(k)εC^(n) ^(k) ^(×N) denote the channel matrix between the AP and the k^(th) legitimate STA, and let H_(U)≡(H₁ ^(T)| . . . |H_(K) ^(T))^(T)εC^(N) ^(U) ^(×N) denote the overall channel matrix between the AP and all the legitimate STAs, wherein ( )^(T) denotes matrix transposition. The beamforming matrix B_(D)εC^(N×N) ^(D) of the jamming streams is typically constrained to satisfy the condition H_(U)B_(D)≈0. Note, however, that generally the disclosed techniques are in no way limited to jamming streams whose beamforming vectors are orthogonal to the physical or effective channels of the data streams.

The system and transmitter configurations shown in FIGS. 1-3 are example configurations, which are chosen purely for the sake of conceptual clarity. In alternative embodiments, any other suitable system or transmitter configuration can also be used. Some system or transmitter elements may be implemented in hardware, e.g., in one or more Application-Specific Integrated Circuits (ASICs) or Field-Programmable Gate Arrays (FPGAs). Additionally or alternatively, some system or transmitter elements can be implemented using software, or using a combination of hardware and software elements.

Some of the functions of the AP or the sentinel device, e.g., the functions of control unit 96, may be carried out using a general-purpose processor, which is programmed in software to carry out the functions described herein. The software may be downloaded to the processor in electronic form, over a network, for example, or it may, alternatively or additionally, be provided and/or stored on non-transitory tangible media, such as magnetic, optical, or electronic memory.

Power Fraction and MCS Selection

In some embodiments, control unit 96 in AP 24 controls the SNRs at which the data streams are received by legitimate STAs 28 and affects the SNRs at which the data streams are received by eavesdropper 32, by controlling the power fraction allocated to the jamming streams, and/or the Modulation and Coding Scheme (MCS) assigned to the data streams. The adaptation of the power fraction and/or MCS is performed based on some criterion that is set to reduce the probability of the data streams being decoded by eavesdropper 32, while enabling successful decoding of the data streams by the legitimate target STAs.

In the following description, αε(0,1) denotes the fraction of the overall transmit power P (summed over all the data streams and the jamming streams) that is allocated to the jamming streams. Generally, increasing α improves the level of security at the expense of reduced signal strength at the legitimate STAs, and vice versa.

In some embodiments, AP 24 transmits each data stream using a certain MCS that is selected from a set of possible MCSs. Each MCS defines a respective combination of modulation and FEC code, and therefore a respective data rate. In the present context, the term “higher MCS” means an MCS having a higher data rate (and hence higher order modulation, higher coding rate and/or higher number of data streams). Similarly, the term “lower MCS” means an MCS having a lower data rate (and hence lower order modulation, lower coding rate and/or smaller number of data streams). For a given decoding performance (e.g., error rate or error probability), higher MCSs typically require higher SNR, and vice versa.

In some embodiments, AP 24 sets the power fraction α at some fixed value, e.g., α=0.5, and restricts the MCS used for transmitting a data stream to a particular legitimate STA to a partial subset of the possible MCSs. In accordance with an example criterion, the AP defines the partial subset of MCSs such that, given α, the eavesdropper is expected with high probability to fail in decoding the data stream. Typically, the partial subset of MCSs is defined as the MCSs whose data rate is above a certain value (or whose index is above some minimum index, assuming the MCSs are numbered with indices that correspond to the respective data rates). This criterion restricts the choice of MCSs to those that require at least a certain SNR. With proper restriction of the MCSs, security is assured with high probability for any user that can support at least the lowest MCS in the allowed subset.

Consider, for example, K=1, i.e., a single data stream transmitted to a single legitimate STA. Since α is known, the power fraction left for the data stream is known, and the level of interference caused by the jamming stream to the legitimate STA (e.g., ≅0) is also known. This information is typically sufficient for finding the highest MCS that will still enable successful decoding by the legitimate STA. In some embodiments, AP 24 chooses the MCS for the data stream in question to be below this highest MCS, as long as the chosen MCS is in the partial subset described above. If the highest MCS is not in the partial subset, then the AP can in some embodiments declare that secure transmission is not possible for the legitimate STA and avoids transmission until the STA has channel conditions allowing the use of some MCS in the allowed subset.

AP 24 may define the partial subset of MCSs for a given data stream, e.g., set the minimum allowed MCS index, in any suitable way. In an example embodiment, AP 24 has no information on the channel to the eavesdropper. In this example the AP regards the channel to the eavesdropper as random, drawn according to some statistical distribution depending on the propagation channel. Consequently, the SNR (denoted γ) of the data stream at the eavesdropper is also random, and the statistics of γ are determined by α.

Each single-stream MCS is associated with a respective threshold SNR denoted γ_(TH) ^(MCS), such that if γ≧γ_(TH) ^(MCS), the error rate (e.g., Packet Error Rate—PER) at the eavesdropper is below the minimum PER that is considered adequate for security. In an embodiment, AP 24 restricts the choice of MCS for a given data stream to the partial subset of MCSs for which γ is likely to be below γ_(TH) ^(MCS). The AP may assume a certain channel model for this purpose, and set the Cumulative Distribution Function (CDF) of γ for this channel model. (The CDF of γ is typically calculated off-line using some assumed or measured channel model, e.g., by an external computer, and provided to the AP.) The AP may find the minimum MCS index i₀ for which the probability of having γ≧γ_(TH) ^(MCS) is sufficiently low, e.g., below some probability threshold. The AP then defines the partial subset of MCSs as the MCSs whose indices are i₀ or higher (higher indices correspond to higher MCS, and vice versa, in accordance with the definition above).

In alternative embodiments, AP 24 may define the partial subset of MCSs (e.g., define i₀) in any other suitable manner, not necessarily assuming any channel model or SNR calculation. For example, the minimum MCS index may be found in advance, e.g., using laboratory experimentation. An example laboratory experiment may include an AP and a user STA placed in a typical environment, and a potential eavesdropper that is moved between different locations in this environment. The AP transmits to the user STA using various MCSs. In each eavesdropper location, the maximum MCS decodable by the eavesdropper is recorded. The experiment can be repeated for different AP and STA locations.

In another embodiment, an ad-hoc minimum MCS index is defined. For example, if the application using the data stream is likely to require some minimum MCS index i₁ for proper operation (e.g., the application may request a desired throughput at a certain Quality-of-Service grade corresponding to i₁), AP 24 may use this MCS index and set i₀≡i₁.

As yet another example, if it is known in advance that the channel from the AP to the legitimate STAs at any point in time is one of several possible propagation channel types, then it is possible to prepare several values of i₀ in advance, one for each channel type. During operation, AP 24 may assess the current channel and choose the i₀ value corresponding to the current channel type. The AP may assess the channel based on, for example, the learned channel matrix or a function of the matrix, measured or assumed SNR, PER or any other suitable measure of the channel.

FIG. 4 is a flow chart that schematically illustrates a method for physical-layer security, in accordance with an embodiment of the present invention. The method begins with AP 24 defining a power fraction α of the total transmitted power P that is allocated to jamming streams, at a power ratio definition step 120.

AP 24 defines, based on α, a partial subset of the possible MCSs for transmitting the data streams to its intended legitimate STA, at a subset definition step 124. The partial subset of MCSs is defined so as to include only MCSs that are expected to be un-decodable by the eavesdropper. The AP may define the partial subset of MCSs using the methods described above, for example. The AP transmits the jamming streams using the power fraction α, and the data streams using an MCS selected from the respective partial subset of MCSs.

In some embodiments, unit 96 in AP 24 modifies the power fraction α allocated to the jamming streams based on the channel type between the AP and the legitimate STAs. In accordance with an example criterion, based on the Channel State Information (CSI) for the channels between the AP and the legitimate STAs, AP 24 chooses α such that (i) the SNR at eavesdropper 32 will prevent successful decoding of the data streams with high probability but (ii) the SNR at the legitimate STA will enable successful decoding.

FIG. 5 is a flow chart that schematically illustrates a method for physical-layer security, in accordance with an embodiment of the present invention. The method begins with AP 24 estimating the CSI for the channels to the legitimate STAs, at a CSI estimation step 130. The AP allocates the power fraction α for the jamming streams based on the estimated CSI, at an α allocation step 134. The AP transmits the data streams and the jamming streams at the respective power levels according to the allocated α, at a transmission step 138.

In some embodiments, AP 24 chooses α based on the SINR that the data streams would have, if they were allocated all the transmit power P (that is, if α were set to zero). Consider, for example, the case of a single legitimate STA (i.e., K=1) and a single data stream. Based on the assumed model of the propagation channel from AP 24 to this STA, the AP may store the CDF of γ=γ(α) for several values of α and in memory. (Typically, the CDFs are calculated off-line, e.g., by an external computer, and provided to the AP.) During operation, the AP can use its knowledge of the actual channel towards the legitimate STA to calculate g(0), the SNR (this time assuming no interference from the jamming stream) at the legitimate STA, assuming α=0.

Assume, in this example, that the beamforming vectors of the jamming streams are orthogonal to the channel of the legitimate STA, so that the STA is not subject to interference. In this case, the SINR at the legitimate STA for α>0, denoted g(α), is equal to the SNR and is given by (1−a)·g(0). Based on the stored CDFs of γ(α), AP 24 may find the CDFs of γ(α)/g(α), e.g., by a simple re-scaling of the x-axis.

Then, the AP may choose the value of α for which γ(α)/g(α) is below some threshold t with a sufficiently high probability p (e.g., p=0.95). The threshold t is typically set small enough to ensure that γ(α) is too low for successful decoding of the highest-rate MCS selected based on g(α). For example, for the set of MCSs defined in the IEEE 802.11n standard, cited above, t may be set between approximately −5 dB and −3 dB (these numbers are approximately the largest threshold difference between two consecutive MCSs), i.e., between approximately 0.3 and 0.5 in linear units.

The example above makes an implicit assumption that the rate selection scheme for the legitimate STA attempts to select the MCS having the highest possible rate. After α is fixed, AP 24 may find a concrete value for g(α), and consequently choose a rate for the legitimate STA. Note that in the current example, where α is chosen dynamically based on the SINR of the data streams, there is typically no limitation on the minimum allowed MCS.

In summary, the above-described example process of setting α and MCS, which is carried out by AP 24 based on the estimated CSI, comprises the following steps:

-   -   Offline:         -   Find and store the CDFs of the α-dependent SINR of the data             streams at the eavesdropper side, γ(α), for several values             of the power fraction α allocated to the jamming streams.         -   Choose the desired SINR threshold t, and the desired             probability p for the SINR to be below t.     -   During operation:         -   Find g(0), the interference-free SNR at the legitimate STA             assuming α=0, for example based on the known channel towards             the legitimate STA.         -   Using the stored CDFs of γ(α), find α₀, the lowest value of             α for which the probability that γ(α)≦t·(1−α)·g(0) is at             least p. Set α to be equal to α₀.         -   After choosing α, the SNR γ(α) at the legitimate STA is             known to be α·g(0). Choose the highest-rate MCS for which             the data stream is decodable at this known SNR.

After carrying out these steps, AP 24 may begin transmission of the data stream and jamming stream.

The example above refers to a single data stream, for the sake of clarity. In alternative embodiments, this technique can be generalized in a straightforward manner to multiple data streams. In cases where several data streams are transmitted, one effective SNR is typically used for representing them. Effective SNR may be used in various scenarios that involve multiple data streams, such as for a multi-stream MCS. In such cases, a histogram of an effective γ can be used instead of a histogram of γ. Effective SNRs that can be used for this purpose are described, for example, by Tsai and Song, in “Effective-SNR Mapping for Modeling Frame Error Rates in Multiple-State Channels,” 3GPP2-C30-20030429-010, Apr. 29, 2003, which is incorporated herein by reference.

Modifying Jamming Streams During Transmission

In some embodiments, AP 24 modifies the jamming stream configuration during a given data transmission that is transmitted on a data stream. (The description that follows refers to AP 24 for the sake of clarity. In alternative embodiments, the disclosed techniques may be carried out by sentinel 100.)

For example, a given data transmission (e.g., packet) may comprise multiple successive parts that are transmitted in respective time intervals. The AP may set the (one or more) jamming streams to different configurations during different parts of the data transmission. This feature provides an additional degree of trade-off between security and data throughput for the legitimate STA.

In an example embodiment, a packet comprises a synchronization sequence, a training sequence used for channel estimation, a part that defines the signal parameters (e.g., MCS) and a payload that carries the packet data. Packets in IEEE 802.11n and IEEE 802.11ac systems, for example, comprise training sequences that are referred to as Short training Fields (STFs) and Long Training Fields (LTFs). The packet part that defines the signal parameters is referred to as a SIGNAL field in IEEE 802.11n and IEEE 802.11ac systems. Generally, however, a packet or other data transmission may comprise any suitable number of parts of any suitable kind.

AP 24 may modify any suitable characteristic of the jamming streams from one part of the data transmission to another, and any such modification is regarded herein as a different jamming stream configuration. For example, the AP may modify the number of jamming streams that are transmitted during different parts of the data transmission. In particular, the AP may switch off the jamming streams during one or more parts of the data transmission, and switch on one or more jamming streams during one or more other parts.

When the data transmission comprises a communication packet, for example, the AP may transmit one jamming stream configuration during the packet payload, and another jamming stream configuration during packet parts other than the payload.

For IEEE 802.11n or IEEE 802.11ac packets, for example, the AP may transmit jamming streams only during the packet payload transmission, only during transmission of the payload and training sequence, or only during transmission of the payload, the training sequence and the synchronization sequence. In another example, the AP may transmit jamming streams only during the payload and the packet part used for indicating the signal parameters. Further alternatively, the AP may apply jamming selectively during any other suitable subset of the packet parts.

In yet another embodiment, jamming stream generators 86 in AP 24 are configured to generate one or more of the jamming streams with an amplitude that changes multiple times during the packet, in order to produce large signal-level variations at eavesdropping receiver 32. In other words, the AP modulates the amplitude of at least one jamming stream, typically over a large dynamic range.

In order to demodulate the data streams in the presence of amplitude-modulated jamming streams, eavesdropping receiver 32 needs to have a very large instantaneous dynamic range, or to be able to track the instantaneous received signal level. Thus, in some embodiments the AP modulates the jamming-stream amplitude with a large modulation depth that exceeds the expected dynamic range of the eavesdropping receiver. A typical modulation depth may be, for example, on the order of 12 dB, which translates to two additional bits of dynamic range in the eavesdropping receiver Analog-to-Digital Converter (ADC).

In some embodiments, the AP reduces the jamming-stream power level to a minimum during the training sequence. If the eavesdropping receiver assumes that this power level will remain for the payload part of the transmission, it will typically set its AGC accordingly. The actual jamming-stream power during payload transmission will be considerably higher than expected, causing the eavesdropping receiver to saturate.

In some embodiments, the AP modulates the jamming-stream amplitude at a rate that is likely to exceed the expected tracking rate of the eavesdropping receiver Automatic Gain Control (AGC). Such fast modulation prevents the eavesdropping receiver from tracking the received signal level variations. Modulation speed or rate may be, for example, on the order of a few microseconds, considering that the OFDM symbol length is usually 4 uS.

AP 24 may modulate the jamming-stream amplitude in any suitable way, such as using On-Off Keying (00K) that switches a jamming stream on and off alternately, using Pulse Amplitude Modulation (PAM) that modifies the jamming-stream amplitude among several values, or even by applying a sinusoidal or other analog modulating waveform.

In some embodiments, the reception performance of legitimate STAs 28 is not degraded by the jamming-stream amplitude modulation. For example, as explained above, in some embodiments the beamforming vectors of the jamming streams are orthogonal to the channels (physical or effective) of the legitimate STAs.

In many practical cases, the total transmit power of the AP is limited. In such cases there is a trade-off between allocating more power to the data streams to improve link robustness, and allocating more power to the jamming streams to improve security. When the jamming-stream power is modulated, it may be necessary to allocate considerable power to the jamming streams, especially when it is desired to provide adequate physical security over the entire range of possible jamming-stream power levels. In an example scenario, the data streams and jamming streams are allocated equal power, and then the jamming-stream power is increased by another 12 dB. In this scenario, the data streams are allocated less than 10% of the overall AP transmit power.

In alternative embodiments, the AP transmits different numbers of jamming streams during different respective parts of the data transmission. Additionally or alternatively, the AP steers the jamming streams using different beamforming vectors during different respective parts of the data transmission.

Consider, for example, an IEEE 802.11n or IEEE 802.11ac embodiment in which the beamforming vectors of the jamming streams are selected to cause substantially no interference at the legitimate STAs. In this embodiment, the AP may configure the jamming streams differently during LTF transmission and during payload transmission. During LTFs, the STAs typically do not yet have sufficient information for performing receive-side beamforming. Therefore, the jamming stream beamforming vectors should be orthogonal to the channels of all receive antennas of all legitimate STAs. During payload transmission, on the other hand, the STAs typically apply receive-side beamforming, and the jamming stream beamforming vectors may be orthogonal only to the effective, post-receive-side beamforming channels.

Since the number of data streams transmitted to a legitimate STA is typically smaller than the number of STA receive antennas, the relaxed constraint of being orthogonal only to the effective channels enables a larger number of jamming streams during payload transmission, and therefore increased security.

In the embodiments described above, AP 24 modifies the number of jamming streams and/or the beamforming vectors of the jamming streams for different parts of the data transmission. In alternative embodiments, the AP may modify any other suitable configuration of the jamming streams.

For example, the power of the jamming streams (or the ratio α defined above) may be set to different values during different parts of a transmission (e.g., packet). In accordance with the IEEE 802.11n/ac standard, the SIGNAL field should be transmitted at the lowest possible MCS of the standard. Consequently, the SIGNAL field may be more susceptible to eavesdropping. Thus, in some embodiments, the jamming stream power (or the value of α) is increased during the SIGNAL filed.

FIG. 6 is a flow chart that schematically illustrates a method for physical-layer security, in accordance with an embodiment of the present invention. The method begins with AP 24 defining different jamming stream configuration for different respective packet parts, at a definition step 140. The AP transmits a valuable data packet using one or more streams, and simultaneously transmits one or more jamming streams, at a stream transmission step 144. In transmitting the jamming streams, the AP alternates between the jamming stream configurations defined for the respective packet parts.

Since in some embodiments security is achieved by using jamming beamforming vectors that are only constrained to be orthogonal to the effective channel of the legitimate receivers, there may exist eavesdropper locations for which the jamming streams are received at lower power than the data streams. At these locations, if the channel is static (i.e., changes slowly over time) the eavesdropper may be able to decode the data streams constantly.

To overcome this problem, in some embodiments a legitimate receiver deliberately changes its RX beamforming vectors over time in order to force variations in the effective channel. While this method may somewhat degrade the achievable data rate of the legitimate receiver, it introduces a significant enhancement in security. Consider, for example, the transmission of a single data stream to a single multiple-antenna legitimate receiver. The legitimate receiver may switch between RX beamforming to the strongest and the second strongest eigenmode, and the jamming beamforming vectors will change accordingly, following the changes in the effective single-RX antenna channel. The AP may be informed of the effective channel by explicit feedback from the legitimate receiver, which reports on the effective channel (including the RX beamforming) instead of the physical channel.

Beamforming Vector Computation

The description that follows provides an example technique for calculating the beamforming vectors for the jamming streams. In the disclosed embodiments, control unit 96 of AP 24 (or sentinel 100) applies this scheme under the assumption that the jamming stream beamforming vectors are to cause zero interference to the legitimate STAs. In other words, as noted above, the beamforming vectors of the jamming streams are constrained to be orthogonal to the rows of H_(U).

In order to calculate the beamforming vectors of the jamming streams, unit 96 of AP 24 calculates an orthonormal basis for the vector subspace ker(H_(U))={x|H_(U)x=0}, a subspace that is orthogonal to the aggregate channel matrix H_(U). (For the sake of clarity, the description refers to jamming stream beamforming vectors that are orthogonal to the physical channels of the legitimate STA antennas. The disclosed technique can be used in a similar manner to calculate jamming stream beamforming vectors that are orthogonal to the effective channels following receive-side beamforming at the STAs.)

In one embodiment, AP 24 finds the orthonormal basis using LQ factorization of H_(U). In such a process H_(U) is written as H_(U)=L·Q, wherein Q is a unitary matrix QεC^(N×N), and L is a lower-triangular matrix LεC^(N) ^(U) ^(×N). Assuming that H_(U) is of full rank, the conjugate transpose of the last N−N_(U) rows of Q may serve as the desired orthonormal basis.

Alternatively, AP 24 may produce the LQ factorization of H_(U) by QR factorization of H_(U)*. In this process, H_(U)* is written as H_(U)*=Q·R, yielding H_(U)=R*Q* The AP produces the desired basis for ker(H_(U)) by taking the last N−N_(U) columns of matrix Q in the QR factorization of H_(U)*. AP 24 may perform the QR factorization using any suitable method. Examples of known methods that can be used for this purpose comprise the Householder method and the Givens rotations.

In some embodiments, for all k, the k-th legitimate STA 28 performs a Singular Value Decomposition (SVD) of its channel matrix H_(k) to obtain H_(k)=U_(k)·D_(k)·V_(k)* (with U_(k),D_(k)εC^(n) ^(k) ^(×n) ^(k) and V_(k)*εC^(n) ^(k) ^(×N), where ( )* denotes matrix conjugation and transposition), U_(k) and V_(k) have orthonormal columns, and D_(k) is diagonal), and sends the AP only V_(k). If H_(k) is full rank for all k (i.e., no zeros on the main diagonals of all matrices D_(k)), then

${\ker \left( H_{U} \right)} = {{\ker \begin{pmatrix} {U_{1}D_{1}V_{1}^{*}} \\ {U_{2}D_{2}V_{2}^{*}} \\ \vdots \\ {U_{K}D_{K}V_{K}^{*}} \end{pmatrix}} = {\ker \begin{pmatrix} V_{1}^{*} \\ V_{2}^{*} \\ \vdots \\ V_{K}^{*} \end{pmatrix}}}$

Therefore, in embodiments where all V_(k) are available instead of H_(U), the AP may derive the orthonormal basis using the above method from (V₁|V₂| . . . |V_(K))* instead of from H_(U).

FIG. 7 is a flow chart that schematically illustrates a method for calculating jamming stream beamforming vectors, in accordance with an embodiment of the present invention. The method begins with AP 24 determining the aggregated channel matrix H_(U), at a channel estimation step 150. The AP then determines the matrix Q of the QR factorization H_(U)*=Q·R, at a Q determination step 154.

AP 24 forms an orthonormal basis for ker(H_(U)) by taking the last N−N_(U) rows of Q, at a basis formation step 158. The AP then calculates the beamforming vectors for the jamming streams using the orthonormal basis, at a jamming vector calculation step 162. Typically, the AP will use the maximum possible number of jamming streams (that is, N−N_(U) jamming streams). In general, however, the number N_(d) of jamming streams may be smaller than N−N_(U), and so in some cases the AP will only have to calculate less than N−N_(U) beamforming vectors for the jamming streams.

Physical-Layer Security Using Implicit Channel Feedback

In the embodiments described above, AP 24 configures the parameters of the data streams and jamming streams (e.g., power levels, beamforming vectors, number of jamming streams and activation times for jamming streams) based on the estimated communication channels between the AP and the legitimate STAs. The AP typically receives from the legitimate STAs explicit feedback (e.g., CSI) regarding the channels from the AP, and uses the explicit feedback for configuring the data and jamming streams. In IEEE 802.11n systems, for example, the explicit feedback may comprise the actual channel matrices as measured by the STAs.

In some scenarios, however, the explicit feedback transmitted by the STAs may be used by eavesdropping receiver 32 to mitigate the physical-layer security techniques described herein. For example, the eavesdropper may intercept the explicit feedback transmissions from the STAs, reconstruct the aggregate channel matrix H_(U), and use the reconstructed channel matrix to cancel the effect of the jamming streams.

In some embodiments, control unit 96 in AP 24 assumes that the channels between the AP and the legitimate STAs are reciprocal, i.e., that the channel from a given AP antenna to a given STA antenna is substantially the same as (or is otherwise indicative of) the channel in the opposite direction. Under this assumption, the AP can receive uplink signals (e.g., sounding frames carrying training signals) from the legitimate STAs, and learn the downlink channel responses from the received uplink signals. This form of channel estimation is referred to as implicit feedback.

When system 20 uses implicit feedback, no channel feedback is transmitted over the air. Thus, eavesdropper 32 can only obtain the channel responses from the legitimate STAs to the eavesdropper (which are usually of no value) and not the channel responses between the AP and the STAs. AP 24 may implement any of the physical-layer security described herein using implicit feedback.

FIG. 8 is a flow chart that schematically illustrates a method for physical-layer security using implicit feedback, in accordance with an embodiment of the present invention. The method begins with AP 24 receiving training signals over the uplink from legitimate STAs 28, at an uplink reception step 170. AP 24 estimates the downlink channel responses, from the AP to the legitimate STAs, based on the training signals received over the uplink, at a channel estimation step 174.

The AP configures one or more data streams and/or one or more jamming streams based on the estimated downlink channel responses, at a stream configuration step 178. Any suitable parameter of the data streams and/or jamming streams may be configured based on the implicit feedback, such as power levels, beamforming vectors, number of jamming streams and activation times for jamming streams in accordance with the methods described above.

In some embodiments, when using implicit feedback, AP 24 instructs the legitimate STAs to transmit sufficient uplink signals that enable the AP to learn the full channel matrices between the STAs and the AP. In other words, AP 24 instructs the legitimate STAs to transmit training signals that provide channel information relating to all receive antennas of the legitimate STAs. For example, the AP may instruct the legitimate STAs to transmit training signals via all their antennas.

In some embodiments, AP 24 instructs a legitimate STA 28 to disable one or more of its reception chains (i.e., one or more receive antennas and associated receiver or processing circuitry) when using the physical-layer security schemes described herein with implicit feedback. This feature is useful in a number of scenarios.

For example, in some embodiments the legitimate STA comprises more receive chains (and respective receive antennas) than transmit chains (and respective transmit antennas). In such a case, even if the STA transmits uplink training signals via all the transmit antennas, the AP will not be able to deduce the full downlink channel matrix from these signals. Disabling one or more of the receive chains in the STA (e.g., leaving only those receive chains that have corresponding transmit chains) enables the system to overcome this limitation. As another example, disabling one or more of the STA receive chains will typically increase the maximum possible number of jamming streams, thereby increasing the possible security level.

Selective Application of Secure Transmission

In some embodiments, control unit 96 holds a definition of two or more transmission modes having different levels of physical-layer security, i.e., different levels of preventing eavesdropping receivers from decoding data streams. Unit 96 selects the appropriate transmission mode for transmitting a given data stream by evaluating a certain selection criterion. Several example criteria are described further below.

This sort of multi-mode operation enables the system to offer varying levels of physical-layer security to different STAs. Moreover, this technique improves the system performance, since it reduces the communication overhead and performance degradation that is associated with transmission of the jamming streams.

In some embodiments, the transmission modes comprise a secure mode and a normal mode. In the secure mode the AP (or sentinel) transmits the data stream simultaneously with one or more jamming streams, using any of the methods described herein. In the normal mode, the data stream is transmitted without jamming streams.

In some embodiments, the transmission configuration of the data stream differs between the normal and secure modes. In one embodiment, unit 96 selects the MCS (and thus the data rate) for the data stream using different rules in the two modes. Generally, higher-rate MCSs provide a higher degree of security, since they require a higher SNR at the eavesdropping receiver for successful decoding. Thus, in some embodiments, unit 96 applies a more aggressive MCS selection rule in the secure mode, in comparison with the normal mode.

Consider, for example, a rule that selects the MCS such that the Packet Error Rate (PER) is below some maximum allowed threshold t. In this embodiment, unit 96 may set t to a higher value in the secure mode and to a lower value in the normal mode. This setting enables higher security in the secure mode, at the possible expense of poorer reception at the legitimate STA.

In alternative embodiments, unit 96 causes the AP (or sentinel) to transmit channel sounding signals more frequently in the secure mode, in comparison with the normal mode. Typically, the AP selects beamforming vectors for the jamming streams based on channel feedback from the legitimate STAs. The STAs typically learn the channel by performing measurements on channel sounding signals that they receive from the AP.

Therefore, transmitting channel sounding signals more frequently increases the accuracy of the jamming stream beamforming vectors, especially when the channel varies over time. In an embodiment, the AP transmits channel sounding signals more frequently in the secure mode, in order to maintain the accuracy of the jamming stream beamforming.

In some embodiments, unit 96 selects the appropriate transmission mode depending on the Serving Set ID (SSID) with which the legitimate STA is associated. In these embodiments, the AP supports operation in multiple SSIDs. The AP associates each legitimate STA with one of the supported SSIDs, and transmits to each legitimate STA using a transmission mode that corresponds to this SSID. This technique enables the AP to provide varying levels of physical-layer security to different STAs.

In some embodiments, transmissions in one SSID are performed in a secure mode, i.e., with jamming streams, while transmission in another SSID is performed without any jamming streams. In other embodiments, in one SSID one subset of the frames (e.g., all the frames) are protected by jamming streams, while in another SSID a different subset of the frames is protected by jamming streams.

In some embodiments, the AP associates one or more STAs that require high-level physical-layer security with a given SSID, and protects all frames (including multicast and broadcast frames) in this SSID with jamming streams. In other SSIDs the multicast and broadcast frames are not protected. This technique enables the AP to prevent even legitimate STAs outside the given SSID from decoding the data streams addressed to the STAs in this SSID.

In various embodiments, transmission mode selection may be initiated by the AP or sentinel (or management application that control either of them), or by the STA. In some embodiments, frames that are to be protected by jamming streams are tagged, and the AP transmits jamming streams selectively—to protect only the tagged frames.

FIG. 9 is a flow chart that schematically illustrates a method for physical-layer security, in accordance with an embodiment of the present invention. The method begins with tagging frames that are intended for secure transmission, at a tagging step 180. Tagging of this sort can be performed, for example, by the AP, by a management application or by any other suitable entity.

When preparing to transmit a certain frame in a data stream, unit 96 in the AP checks whether the frame is tagged, at a frame checking step 184. If the frame is not tagged, as checked at a checking step 188, the AP transmits the frame using the normal transmission mode, at a normal transmission step 192. If, on the other hand, step 188 indicates that the frame is tagged, the AP transmits the frame using the secure transmission mode, at a secure transmission step 196. The method then loops back to step 184 above for processing the next frame.

In yet another embodiment, tagging of frames may depend on the Access Category (AC) mechanism of the IEEE 802.11n/ac standard (or a similar mechanism in other standards). For example, packets with the highest AC may be considered as tagged. In an alternative embodiment, the MCS subset for security, as well as the jamming stream power fraction, α, may depend on the AC, thus providing different levels of security for different ACs.

In some embodiments, the legitimate STA sends signaling requests to the AP, requesting to protect particular data streams or frames. These requests may signal the AP to start or stop transmission of jamming streams, or they may use any other suitable protocol. This mechanism enables an end-user application in the STA to select between secure and normal transmissions, e.g., in order to protect sensitive transactions.

Selective STA Configuration During Secure and Normal Transmission

As noted above, in order to apply effective physical-layer security, AP 24 should have complete channel information to all STA antennas. In various scenarios, it may not be possible for the AP to obtain complete CSI:

-   -   The AP performs single-user explicit beamforming channel         sounding for the full dimensions of the channel (number of STA         antennas), as defined in the IEEE 802.11n and IEEE 802.11ac         standards, but the STA decides to return only a subset of the         channel matrix.     -   The STA has more receive antennas than the number of supported         spatial streams. For example, 2T3R STA (with two transmit         antennas and three receive antennas) supporting 2SS (two spatial         streams). In this case, in the IEEE 802.11n standard, the AP can         sound only for a maximum dimension equal to the number of         supported spatial streams. Moreover, the AP is typically unaware         of the existence of the extra receive antennas.     -   The STA has more receive antennas than transmit antennas, and         the AP uses implicit beamforming for estimating the channel for         physical-layer security.     -   The STA uses an antenna selection/switching scheme in which         different antennas are used for reception and transmission, and         the AP uses implicit beamforming.

In some embodiments, the last three scenarios can be mitigated by instructing the STA to use the same set of antennas for transmission and reception when communicating in the secure transmission mode. For example, in the 2T3R STA that supports 2SS, the third receive antenna can be disabled in the secure transmission mode. The disabling operation may be controlled by either the AP or the STA upon entering the secure transmission mode. When the disabling is controlled by the AP, a protocol is typically defined between the AP and the STA for controlling this feature in the STA. In some embodiments, the first scenario above can be mitigated by forcing the STA to return its full channel matrix. The control over this option can be performed by the STA or by the AP.

These STA control functions above are applicable to systems in which physical-layer security is performed by an AP (e.g., FIG. 1) or by a sentinel device (e.g., FIG. 3). When using a sentinel device, the STA may be forced to reply to the sounding requests of the sentinel device. In another embodiment, the sentinel device may impersonate the AP and send the sounding request as if it is transmitted from the AP, e.g., using the proper SSID and data encryption for the STA. In these embodiments the STA would treat the channel sounding request as if it is transmitted by the AP and would therefore reply. In these implementations, the sentinel may be coordinated with the AP, e.g., receive the AP parameters to enable it to impersonate the AP.

Another scenario in which non-standard STA configuration in the secure transmission mode is useful is when the AP or sentinel needs to employ explicit beamforming, but the STA has not yet enabled its explicit sounding feedback mechanism. One such scenario occurs in the IEEE 802.11n/ac standards, when the STA has not associated to the AP. In this case, a conventional STA may not respond to sounding requests, and so to enable physical-layer security, the STA must be configured to support sounding even before association. It should be noted that pre-association transactions are typically not encrypted, and therefore there is particular value in employing physical-layer security methods at this stage.

FIG. 10 is a flow chart that schematically illustrates a method for physical-layer security, in accordance with an embodiment of the present invention. The method begins with the AP or STA checking whether transmission is conducted using the secure or normal transmission mode, at a mode checking step 200. If transmission is conducted using the secure transmission mode, the STA is forced to disable one or more of its receive antennas (and associated receive chain), and/or to feedback its full channel matrix, at a STA configuration step 204. Otherwise, the STA configuration is skipped.

Selective Triggering of Sentinel Device

In some embodiments, sentinel device 100 of FIG. 3 attempts to intercept data transmissions that should be protected with one or more jamming streams. One possible way to identify a data transmission is to decode the receiver and/or sender address in the Medium Access Control (MAC) header of the frame. In this mode of operation (aspects of which are described, for example, in U.S. Pat. No. 7,751,353, cited above) the sentinel decodes the MAC addresses in the header. When the sentinel identifies an address that should be secured, it switches from reception to transmission and starts transmitting one or more jamming streams that are orthogonal to the destination of the frames.

This approach, however, is sub-optimal, for example since the MAC header is not protected by CRC and may therefore be unreliable. Moreover, the jamming streams protect only the data portion of the frame and not the preamble (since the preamble precedes the MAC header). It can be shown that physical-layer security is enhanced when parts of the preamble are also protected by the jamming streams.

In some embodiments, sentinel 100 identifies the frames to be protected by detecting the exchange of Request-To-Send/Clear-To-Send (RTS/CTS) messages that precedes the frames in question, from which the identity of the target STA intended to receive the data stream is recognizable. The sentinel can then provide security to all frames (downlink or uplink) that are exchanged during the transaction (TXOP) in which the detected RTS/CTS took place. In these embodiments, the sentinel can transmit the jamming streams starting from the preamble, since it has no need to intercept the address in the MAC header of each frame.

In an alternative embodiment, the sender of the frames can be coordinated with the sentinel and notify it in advance that certain frames should be protected (e.g. the frames that immediately follow the notification). The coordination can be done over the air or using any other suitable means.

Isotropic Transmission of LTF Using Jamming-Stream Beamforming Vectors

In some embodiments, when the data stream has at least first and second parts, control unit 96 in AP 24 applies different beamforming configurations in the first part and in the second part, in order to prevent eavesdropping receiver 32 from using the first part to prepare for the second part. The different beamforming configurations may be applied to the data stream and/or to one or more of the jamming streams.

Consider, for example, an IEEE 802.11n or 802.11ac packet that comprises a training signal (e.g., LTF) followed by a payload signal. If the same beamforming configuration were used for both the training signal and the payload signal, the eavesdropping receiver could use the training signal to estimate the optimal channel response and channel matrix for decoding the payload and suppressing the jamming streams, since the training signals are known signals.

In some embodiments, control unit 96 overcomes this issue by transmitting the training signal (during the first part of the packet) using the beamforming configuration that will be used for transmitting the jamming streams during the second part, in addition to simultaneously transmitting the training signal through the beamforming vectors of the data streams. The legitimate target STA is unaffected by this change, since the jamming-stream beamforming vectors are typically orthogonal to the data streams and to the target STA's receive-side beamforming configuration.

Transmitting the training signal using the jamming-stream beamforming configuration causes the training signal to be transmitted isotropically, because the jamming-stream beamforming vectors typically complement the data-stream beamforming vectors to jointly span the entire channel matrix.

When eavesdropping receiver 32 receives the training signal transmitted using the above scheme, it has no way of distinguishing between the signal component transmitted using the data-stream beamforming configuration and the signal component transmitted using the jamming-stream beamforming configuration. The eavesdropping receiver thus has no way of deriving the directions of the jamming streams.

The eavesdropping receiver will typically configure its reception scheme (e.g., receive equalizer) based on the isotropic transmission. This reception scheme is totally unsuitable for receiving the second part, and will cause the eavesdropping receiver to receive mainly noise. Redesigning the equalizer in real-time, during the second part, to suppress the noise is extremely challenging. Typically, the AP does not transmit the jamming streams during the first part of the packet, and instead transmit only the LTFs isotropically as explained above.

In many practical cases, the number of data streams is smaller than the number of jamming streams, and the AP should therefore expand the dimensionality of the data streams in order to beamform them using the jamming-streams beamforming vectors.

Consider, for example, a configuration of a four-antenna AP that transmits a single data stream and three jamming streams. In this example the AP transmission circuitry uses a single 1×4 beamforming vector for transmitting the data stream, and a 3×4 matrix of beamforming vectors to transmit the three jamming streams.

In order to transmit the LTFs using the jamming-stream beamforming configuration, the AP should expand the dimensionality of the single data stream from one to three. In some embodiments, the AP transmission circuitry increases the data-stream dimensionality by applying a expansion matrix, such as expansion matrices used in MIMO systems for expanding the number of spatial streams to match the number of transmit antennas. Spatial expansion matrices are described, for example, in section 20.3.11.10.1 of the 802.11n standard, cited above. After expansion, the AP transmission circuitry applies the jamming-stream beamforming vectors to the expanded signal.

In the example AP above, the AP expands the dimensionality of the training signals (LTFs) from one to three for beamforming with the jamming-stream beamforming vectors during the first part. The AP does not expand the signal at all (in both the first and second parts), since the signal is mapped to a single 1×4 beamforming vector.

FIG. 11 is a flow chart that schematically illustrates a method for physical-layer security, in accordance with an embodiment of the present invention. The method begins with control unit 96 of AP 24 computing beamforming vectors for the data streams and jamming streams, at a beamforming computation step 210. Spatial mapping unit 82 expands the LTF signal using a suitable expansion matrix, at an expansion step 214.

During the first part of the packet, AP 24 transmits the expanded training (LTF) signal using both the jamming-stream and the data-stream beamforming vectors, at a LTF transmission step 218. During the second part of the packet, the AP transmits the payload signal (data streams) using the data-stream beamforming vectors, and the jamming streams using the jamming-stream beamforming vectors, at a transmission step 222.

Site Survey Schemes for Mapping MCS Restrictions Per Location

In some embodiments described above, AP 24 restricts the transmission to a given STA 28 to a subset of the possible MCSs, which eavesdropping receiver 32 is likely to fail to decode. For example, for given channel conditions and for a given set of data-stream and jamming-stream beamforming vectors designed for communication with a given STA, there typically exists a respective minimum MCS. As long as the AP uses the minimum MCS or a higher MCS as part of a secure transmission, the eavesdropping receiver will fail to decode the data stream regardless of the eavesdropping receiver location.

In some embodiments, the minimum MCS may be determined by performing a site survey. In an example survey process, a first receiver that plays the role of the target STA is placed at several typical locations in the coverage area of AP 24. For each location of the target STA, AP 24 transmits to the STA using the secure mode (i.e., with one or more jamming streams). At the same time, the AP coverage area is surveyed using a second receiver that plays the role of an eavesdropping receiver.

The survey process records, per target-STA location and eavesdropping-receiver location, which MCSs are successfully decodable by the eavesdropping receiver. The outcome of this process is a list of minimum MCSs per target-STA location and eavesdropping-receiver location.

The list of minimum MCSs can be used in various ways by unit 96 of AP 24 to select the MCS for a particular transmission. In one embodiment, the AP may apply a min-max criterion, i.e., configure a global minimum MCS to be the highest minimum MCS in the list. Such a criterion is simple to implement, because it set a single minimum MCS for all transmissions. On the other hand, the global minimum MCS may be unnecessarily high for many locations of the target STA.

In an alternative embodiment, control unit 96 sets the minimum MCS depending on the location of the target STA. The AP may determine or estimate the target STA location in any suitable way, e.g., using Wi-Fi positioning techniques. It can be assumed that channel conditions do not change radically in the vicinity of the target STA location. Having estimated the target STA location, the AP sets the minimum MCS by performing min-max on the minimum MCS measurements for that location. In other words, for the particular location of the target STA, the AP selects the highest minimum MCS over the various eavesdropping receiver locations.

FIG. 12 is a flow chart that schematically illustrates a method for site survey, in accordance with an embodiment of the present invention. The method begins by positioning a legitimate target STA at various locations in the coverage area of AP 24, at a STA positioning step 230. An eavesdropping receiver is also moved between various locations in the coverage area of the AP, at an eavesdropper positioning step 234.

For each target-STA location and eavesdropping-receiver location, the AP transmits to the legitimate STA using various MCSs, at a transmission step 238. The maximum MCS, for which decoding by the eavesdropping receiver is successful, is recorded per target-STA location and eavesdropping-receiver location, at a maximum MCS recording step 242. The minimum MCS, per target-STA location, is derived from the list of maximum MCSs, at a minimum MCS derivation step 246.

The site survey process of FIG. 12 involves three devices—The AP, an example eavesdropping receiver and an example target STA. This process is long and tedious since it involves scanning over all combinations of target-STA location and eavesdropping-receiver location.

In an alternative embodiment, the site survey involves only capturing channel estimate measurements at various locations in the AP coverage area (estimates of the channel response between the AP and various locations). The list of channel estimates can then be transformed into a list of minimum MCS per location, using off-line simulation, by associating some of the channel estimates with legitimate STAs, and the rest as eavesdroppers.

In yet another embodiment, the site survey is performed by collecting statistics from real system operation of real-life STAs. For example, one or more STAs may be configured to cooperate with AP 24 and report whenever they are able to intercept (and successfully decode) a frame destined to another legitimate STA (in physical security mode). These STAs therefore effectively function as eavesdropping receivers, eliminating the need to scan the site with a dedicated eavesdropping receiver.

Upon receiving such a report from an STA, the AP may deduce that the MCS used for transmitting the frame was too low, since an unintended STA (imitating an eavesdropping receiver) decoded the frame successfully. In other words, the AP deduces that the minimum MCS for the location of the intended target STA should be higher than the MCS used in the frame intercepted by the cooperating STA.

Further alternatively, any other suitable site survey process can be used for determining the minimum MCSs to be used in the secure transmission mode.

It will be appreciated that the embodiments described above are cited by way of example, and that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention includes both combinations and sub-combinations of the various features described hereinabove, as well as variations and modifications thereof which would occur to persons skilled in the art upon reading the foregoing description and which are not disclosed in the prior art. Documents incorporated by reference in the present patent application are to be considered an integral part of the application except that to the extent any terms are defined in these incorporated documents in a manner that conflicts with the definitions made explicitly or implicitly in the present specification, only the definitions in the present specification should be considered. 

1. A method for communication, comprising: generating a data transmission for transmission to a target receiver; generating at least one jamming transmission having an amplitude that changes multiple times during the data transmission; and transmitting the data transmission to the target receiver using an antenna array, and simultaneously transmitting the at least one jamming transmission using the antenna array.
 2. The method according to claim 1, wherein generating the jamming transmission comprises beamforming the jamming transmission using a beamforming vector that is orthogonal to a reception channel of the target receiver.
 3. The method according to claim 1, wherein generating the jamming transmission comprises setting an amplitude variation of the jamming transmission to exceed an expected dynamic range of an eavesdropping receiver.
 4. The method according to claim 1, wherein generating the jamming transmission comprises setting a rate at which the amplitude of the jamming transmission changes, so as to exceed an expected tracking rate of an eavesdropping receiver.
 5. A communication apparatus, comprising: data generation circuitry, which is configured to generate a data transmission for transmission to a target receiver; jamming generation circuitry, which is configured to generate at least one jamming transmission having an amplitude that changes multiple times during the data transmission; and transmission circuitry, which is configured to transmit the data transmission to the target receiver using an antenna array, and to simultaneously transmit the at least one jamming transmission using the antenna array.
 6. The apparatus according to claim 5, wherein the transmission circuitry is configured to beamform the jamming transmission using a beamforming vector that is orthogonal to a reception channel of the target receiver.
 7. The apparatus according to claim 5, wherein the jamming generation circuitry is configured to set an amplitude variation of the jamming transmission to exceed an expected dynamic range of an eavesdropping receiver.
 8. The apparatus according to claim 5, wherein the jamming generation circuitry is configured to set a rate at which the amplitude of the jamming transmission changes, so as to exceed an expected tracking rate of an eavesdropping receiver.
 9. A method for communication, comprising: generating a data transmission comprising at least first and second parts in respective first and second time intervals, for transmission to a target receiver; generating one or more jamming transmissions; applying during the first and second time intervals respective different first and second beamforming configurations to the data transmission or to the jamming transmissions; and transmitting the data transmission and the one or more jamming transmissions using an antenna array.
 10. The method according to claim 9, wherein the first part comprises a training signal and the second part comprises a payload signal.
 11. The method according to claim 9, wherein applying the beamforming configurations comprises beamforming the first part of the data transmission using the first beamforming configuration, and beamforming the second part of the data transmission using the second beamforming configuration.
 12. The method according to claim 9, wherein applying the beamforming configurations comprises beamforming the first part of the data transmission using both a data beamforming configuration that is to be applied to the data transmission, and a jamming beamforming configuration that is to be applied to the jamming transmissions during the second time interval.
 13. The method according to claim 12, wherein the jamming beamforming configuration comprises multiple beamforming vectors for application to multiple jamming transmissions, and wherein beamforming the first part comprises applying a spatial expansion operation to the first part of the data transmission, and applying the jamming beamforming configuration to the spatially-expanded first part of the data transmission.
 14. A communication apparatus, comprising: data generation circuitry, which is configured to generate a data transmission comprising at least first and second parts in respective first and second time intervals, for transmission to a target receiver; jamming generation circuitry, which is configured to generate one or more jamming transmissions; and transmission circuitry, which is configured to apply during the first and second time intervals respective different first and second beamforming configurations to the data transmission or to the jamming transmissions, to transmit the data transmission and the at least one jamming transmission using an antenna array.
 15. The apparatus according to claim 14, wherein the first part comprises a training signal and the second part comprises a payload signal.
 16. The apparatus according to claim 14, wherein the transmission circuitry is configured to beamform the first part of the data transmission using the first beamforming configuration, and to beamform the second part of the data transmission using the second beamforming configuration.
 17. The apparatus according to claim 14, wherein the transmission circuitry is configured to beamform the first part of the data transmission using both a data beamforming configuration that is to be applied to the data transmission, and a jamming beamforming configuration that is to be applied to the jamming transmissions during the second time interval.
 18. The apparatus according to claim 17, wherein the jamming beamforming configuration comprises multiple beamforming vectors for application to multiple jamming transmissions, and wherein the transmission circuitry is configured to apply a spatial expansion operation to the first part of the data transmission, and to apply the jamming beamforming configuration to the spatially-expanded first part of the data transmission.
 19. A method, comprising: transmitting signals from a transmitter; measuring the signals at multiple locations in a coverage area of the transmitter; and deriving from the measured signals a criterion, which specifies Modulation and Coding Schemes (MCSs) to be used by the transmitter for transmitting a data stream to a target receiver in conjunction with one or more jamming streams, so that an eavesdropping receiver will be unable to decode the data stream.
 20. The method according to claim 19, wherein deriving the criterion comprises deriving a minimum MCS to be used by the transmitter.
 21. The method according to claim 19, wherein deriving the criterion comprises deriving minimum MCSs to be used by the transmitter corresponding to respective locations of the target receiver.
 22. The method according to claim 19, wherein transmitting the signals comprises transmitting data transmissions using multiple MCSs and transmitting the jamming streams, and wherein measuring the signals comprises placing a first receiver that imitates the target receiver at multiple first locations, placing a second receiver that imitates the eavesdropping receiver at multiple second locations, and recording, for each first location and second location, a respective maximum MCS that is decodable by the second receiver.
 23. The method according to claim 19, wherein measuring the signals comprises measuring channel responses from the transmitter to the multiple locations, and wherein deriving the criterion comprises deriving the minimum MCSs from the channel responses by simulation.
 24. The method according to claim 19, wherein measuring the signals comprises receiving from at least one target receiver a report that indicates that the target receiver decoded successfully a data transmission, which is intended to another target receiver and has a given MCS, and wherein deriving the criterion comprises deducing that the minimum MCS for the location of the other target receiver is higher than the given MCS. 